Get a demo
PlatformPartnersCompanyBlog
Attack Techniques

Privilege Escalation

Privilege Escalation

Privilege escalation is the act of exploiting a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.

Types of Privilege Escalation

Vertical Privilege Escalation (Privilege Gain)

Gaining higher privileges than currently held — for example, a standard user obtaining administrator or root access on a system.

Horizontal Privilege Escalation (Access Gain)

Accessing resources or functionality belonging to another user with the same privilege level — for example, accessing another user's account or data.

Common Techniques

On Windows

  • Token Manipulation: Impersonating access tokens of higher-privileged processes
  • UAC Bypass: Circumventing User Account Control mechanisms
  • Service Exploitation: Abusing misconfigured Windows services with weak permissions
  • DLL Hijacking: Placing malicious DLLs in locations where privileged processes load them
  • Kernel Exploits: Exploiting vulnerabilities in the Windows kernel

On Linux

  • SUID/SGID Abuse: Exploiting setuid/setgid binaries with elevated permissions
  • Sudo Misconfigurations: Abusing overly permissive sudo rules
  • Kernel Exploits: Exploiting Linux kernel vulnerabilities (Dirty Pipe, Dirty COW)
  • Cron Job Abuse: Modifying cron scripts that run as root
  • Wildcard Injection: Exploiting wildcards in shell commands

Why It Matters

Initial access often provides limited privileges. Attackers must escalate privileges to install persistent backdoors, access sensitive data, disable security tools, or move laterally to other systems. Privilege escalation is a critical step in nearly every successful attack chain.

Detection Strategies

  • Monitor for unusual process-to-process creation relationships
  • Alert on sensitive group membership changes (adding users to admin groups)
  • Track use of privilege escalation tools and techniques
  • Monitor for exploitation of known privilege escalation vulnerabilities
  • Implement application whitelisting and least-privilege policies

Mitigation

  1. Apply patches promptly, especially for known privilege escalation vulnerabilities
  2. Implement least-privilege access for all users and services
  3. Use privileged access management (PAM) solutions
  4. Harden operating system configurations (CIS Benchmarks)
  5. Monitor and audit privileged account usage

Related Terms

Related Reading

Glossary

Phishing

Phishing is a social engineering attack where threat actors use deceptive communications to trick victims into revealing credentials, clicking malicious links, or downloading malware.

Blog

Privilege escalation vulnerabilities discovered in Linux known as Nimbuspwn

Microsoft has disclosed a group of vulnerabilities in Linux known as Nimbuspwn that allows attackers to gain root privileges on a vulnerable system. Find out if you are vulnerable.

Glossary

Attack Surface

An organization's attack surface is the complete set of vulnerabilities, entry points, and exposure points through which a threat actor can attempt to gain unauthorized access to systems, data, or networks.

Blog

F5 BIG-IP critical vulnerability exploited by attackers to gain unauthenticated RCE

If you are a user of F5 BIG-IP, go patch! CVE-2022-1388 is a vulnerability in F5 BIG-IP that allows an unauthenticated attacker to run arbitrary commands, modify files, or disable services on unpatched systems.

← Back to Glossary